This manual is intended for experienced Java developers, deployers, and application managers who want to understand the security features of OC4J. It discusses the Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider in detail, as well as discussing security implications of individual J2EE features, including Web applications, Enterprise JavaBeans (EJBs), the J2EE Connector Architecture, Secure Sockets Layer, and the Common Secure Interoperability Version 2 protocol (CSIv2).